安全研究

安全漏洞
File(1)工具file_printf整数溢出漏洞

发布日期:2007-03-19
更新日期:2007-05-24

受影响系统:
file file < 4.20
不受影响系统:
file file 4.20
描述:
BUGTRAQ  ID: 23021
CVE(CAN) ID: CVE-2007-1536

File(1)是用于查看文件类型信息的命令行工具。

File工具的file_printf函数中存在整数下溢漏洞,如果用户使用File命令查看了特制文件的话,就可以触发堆溢出,导致执行任意指令。

<*来源:Jean-Sebastien Guay-Lero
        Christos Zoulas (christos@zoulas.com
  
  链接:http://secunia.com/advisories/24548/
        http://mx.gw.com/pipermail/file/2007/000161.html
        http://lwn.net/Alerts/227548
        http://www.debian.org/security/2007/dsa-1274
        http://security.gentoo.org/glsa/glsa-200703-26.xml
        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-07:04.file.asc
*>

建议:
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-1274-1)以及相应补丁:
DSA-1274-1:New file packages fix arbitrary code execution
链接:http://www.debian.org/security/2007/dsa-1274

补丁下载:
Source archives:

http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.dsc
Size/MD5 checksum:      693 951d84ef18e8738d58cda73d1680ce66
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.diff.gz
Size/MD5 checksum:    24145 ef79b92b6d0d4af9985200abb3eb24f5
http://security.debian.org/pool/updates/main/f/file/file_4.17.orig.tar.gz
Size/MD5 checksum:   556270 50919c65e0181423d66bb25d7fe7b0fd

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_alpha.deb
Size/MD5 checksum:    32578 75a84c91d0dc6e4045e0307cc62fb918
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_alpha.deb
Size/MD5 checksum:    70020 b69805d0887244d6b7918080df4e8b7b
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_alpha.deb
Size/MD5 checksum:   281336 6276a026bb520a16fcfb947dc725eb43
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_alpha.deb
Size/MD5 checksum:    23568 94acf8d52b7856807e71b35d60eb74af

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_amd64.deb
Size/MD5 checksum:   276290 37c72fc764b288f8d4a7894f4cebf3ef
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_amd64.deb
Size/MD5 checksum:    56574 2aba6876dd12752ea2ecd56f898ab9af
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_amd64.deb
Size/MD5 checksum:    32104 0f00096249fe444ebb95ddae6492909c
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_amd64.deb
Size/MD5 checksum:    23394 36dd3f866c7fb19e77d761b8416b4b2c

arm architecture (ARM)

http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_arm.deb
Size/MD5 checksum:    31742 43b1a7fee3dfd774824f8293e9220073
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_arm.deb
Size/MD5 checksum:   274096 1f863470c5588fbc24847bd1a1c7759f
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_arm.deb
Size/MD5 checksum:    53536 ee901555075f56e83be246d395e4718c
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_arm.deb
Size/MD5 checksum:    22818 748d71238d5e4e1624a57eaacf28ab5c

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_hppa.deb
Size/MD5 checksum:    32648 55eae0d1ec07c49ccfe1345884dab0f0
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_hppa.deb
Size/MD5 checksum:   281328 0921611f2e7dbf5f1d94ded1e7887321
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_hppa.deb
Size/MD5 checksum:    63238 69270cb5bd7219367fcf269f1c624cb0
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_hppa.deb
Size/MD5 checksum:    23892 98ac67130b2f5c8faadba02c304bee05

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_i386.deb
Size/MD5 checksum:   275476 73727e6a1bee1b2050fe7d010fb832d2
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_i386.deb
Size/MD5 checksum:    31714 e016c717ba5d75feede13eeeab5f7cf3
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_i386.deb
Size/MD5 checksum:    22632 d4f1bd064d6531149b5b643b102bf1da
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_i386.deb
Size/MD5 checksum:    53782 cb34870b1e90d01a8cf7894b8b2b3559

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_ia64.deb
Size/MD5 checksum:    34260 4e287815dbec95b699ee6ea1b2151f7c
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_ia64.deb
Size/MD5 checksum:    24600 51d7107c00e200715bddee79f4b53749
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_ia64.deb
Size/MD5 checksum:   291318 1573c597577a1db4fbca2295fb790793
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_ia64.deb
Size/MD5 checksum:    74386 b8c3908f66d5db52ec48d606e709beb4

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_m68k.deb
Size/MD5 checksum:    22988 4eefbe6fc4cf61b37bc34854a7438b5a
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_m68k.deb
Size/MD5 checksum:    51348 f72decddef01b440a841a039eafb1092
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_m68k.deb
Size/MD5 checksum:   275476 ce16292818420b3de04de3dc16ff1a1e
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_m68k.deb
Size/MD5 checksum:    31570 cf983c2f04cba4ac2674fff5af0cfa5a

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_mipsel.deb
Size/MD5 checksum:   275660 e342725b89601aba62ddb1a03f33af5c
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_mipsel.deb
Size/MD5 checksum:    23052 797b6cfb28601868bb148998f8d49615
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_mipsel.deb
Size/MD5 checksum:    32322 7bc9c065901e11cec20dd0847d599667
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_mipsel.deb
Size/MD5 checksum:    61390 53f30479c3d8f562c14862d2c194ee0b

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_powerpc.deb
Size/MD5 checksum:    24616 64e39d96465acd81c26eeae8507e343b
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_powerpc.deb
Size/MD5 checksum:    59796 d2fcf2ce16799b78bd09f56c7c9d6461
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_powerpc.deb
Size/MD5 checksum:   278352 c2eda0cd03692bfb6375540367a4879e
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_powerpc.deb
Size/MD5 checksum:    33726 0f5095a99deea057dfbd2a9ef1927b07

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_s390.deb
Size/MD5 checksum:    32252 ddf5036309547eeb00c80f2e3b9e475c
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_s390.deb
Size/MD5 checksum:    58528 ab83218ff4202b043df421c10da4b54d
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_s390.deb
Size/MD5 checksum:   278388 25db07b89c16397c0124623e1dc83711
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_s390.deb
Size/MD5 checksum:    23552 400fb303defedd99650f169d8aac9a07

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_sparc.deb
Size/MD5 checksum:    55700 d0032c600fb63d0dc4a75d2418cf1011
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_sparc.deb
Size/MD5 checksum:    31868 7c102bd051db8b5ab30115e738b14165
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_sparc.deb
Size/MD5 checksum:   275312 dad1ced332b6cd4f589ce5092e2cf6aa
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_sparc.deb
Size/MD5 checksum:    22866 2d7a344cf2dafa77f7715f87ebb95bec

Debian 3.1 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.diff.gz
Size/MD5 checksum:    17938 280dd71f4e252f06075c39bfaa299c30
http://security.debian.org/pool/updates/main/f/file/file_4.12.orig.tar.gz
Size/MD5 checksum:   414600 09488a9d62bc6627b48a8c93e12d72f8
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.dsc
Size/MD5 checksum:      617 35369fd62fb18da83aaeb7c4f344dd4c

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_alpha.deb
Size/MD5 checksum:   238446 6ab7e10b3ccd6996257358441944cc4c
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_alpha.deb
Size/MD5 checksum:    60372 5d9f2ab63560957deaaf094402876595
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_alpha.deb
Size/MD5 checksum:    29802 2a93ec360a35a307275f5289835756ee

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_amd64.deb
Size/MD5 checksum:    48820 94792b5f5fc9d54a048ed5fd84f68bd8
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_amd64.deb
Size/MD5 checksum:   234488 0eb406eb95834f062d48ac634d9f692a
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_amd64.deb
Size/MD5 checksum:    29392 083ff4d77e47544fc823abd5cde77c3b

arm architecture (ARM)

http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_arm.deb
Size/MD5 checksum:    48120 75fb618134a4d6b76e5899273ac7abce
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_arm.deb
Size/MD5 checksum:    28770 a7be2037c858590be36fb0ddab26232a
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_arm.deb
Size/MD5 checksum:   231616 58646ecdaaac4fee66d65cedb9d7afa3

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_hppa.deb
Size/MD5 checksum:    52528 271a0268649c27e6a0a5a3363d660158
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_hppa.deb
Size/MD5 checksum:   238184 6ea1a29a90b1b6571c657d80f70fd8b7
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_hppa.deb
Size/MD5 checksum:    29892 90f8c9693d044447b3936c525f07ac71

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_i386.deb
Size/MD5 checksum:    28778 5dc2a6e2ae0e369822375952d4f09661
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_i386.deb
Size/MD5 checksum:    45386 3526099e71273498e46541578303ca4c
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_i386.deb
Size/MD5 checksum:   234522 606140908844c8181f9e0a53c15374e4

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_ia64.deb
Size/MD5 checksum:   244072 3cbf0c667572a10a5f8579d53eafbe3d
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_ia64.deb
Size/MD5 checksum:    61296 267571facbab4099dbfb12d89400e74c
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ia64.deb
Size/MD5 checksum:    30942 88099993187e92e188802b7d8996fda9

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_m68k.deb
Size/MD5 checksum:   232484 c35535ce37901120062d47431066e946
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_m68k.deb
Size/MD5 checksum:    28710 601b08cb90d21aac8bed905e2d554a84
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_m68k.deb
Size/MD5 checksum:    42630 82849929ce261da16590c876a2e7a978

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mips.deb
Size/MD5 checksum:   234744 0a50e0dfe8370a65a0899943c1bd6506
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mips.deb
Size/MD5 checksum:    52510 fcb6e150660aff04c5b487e999814a03
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mips.deb
Size/MD5 checksum:    29620 36c0183df84f44516c6e32668a2236b1

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mipsel.deb
Size/MD5 checksum:    52534 6d556dcaaf27cdc86a69b1fe11c89b8b
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mipsel.deb
Size/MD5 checksum:   234558 aaed5e4d40c36b31f201c93613dd0c20
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mipsel.deb
Size/MD5 checksum:    29620 c00d1715534ff3b95a6c6156290e4800

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_powerpc.deb
Size/MD5 checksum:   236644 1f7fbf49b8818db458ead63b043d8fea
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_powerpc.deb
Size/MD5 checksum:    30658 7152ead6e4a9e9f37fde881577f02caa
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_powerpc.deb
Size/MD5 checksum:    51396 16ff41ac4bbfcc6565b5145c17aedf80

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_s390.deb
Size/MD5 checksum:    29450 66990243c08fcccf849951cea6d4dedb
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_s390.deb
Size/MD5 checksum:    50394 f39ed1ee907ec2e1c498aad4dbddcdef
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_s390.deb
Size/MD5 checksum:   236116 b5cda283c9db32b89e5441194a335302

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_sparc.deb
Size/MD5 checksum:    28856 11efe46dea9c9b490783766edb31d521
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_sparc.deb
Size/MD5 checksum:    48308 ea756379607f0078a1d58a87b1c4ec6b
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_sparc.deb
Size/MD5 checksum:   234004 32eecd3db459b68c992cd3e87d9f15c1

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgrade

FreeBSD
-------
FreeBSD已经为此发布了一个安全公告(FreeBSD-SA-07:04)以及相应补丁:
FreeBSD-SA-07:04:Heap overflow in file(1)
链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-07:04.file.asc

补丁下载:

执行以下步骤之一:

1) 将有漏洞的系统升级到5-STABLE或6-STABLE,或修改日期之后的RELENG_6_2、RELENG_6_1或RELENG_5_5安全版本。

2) 为当前系统打补丁:

以下补丁确认可应用于FreeBSD 5.5、6.1和6.2系统。

a) 从以下位置下载相关补丁,并使用PGP工具验证附带的PGP签名。

[FreeBSD 5.5]
# fetch http://security.FreeBSD.org/patches/SA-07:04/file5.patch
# fetch http://security.FreeBSD.org/patches/SA-07:04/file5.patch.asc

[FreeBSD 6.1和6.2]
# fetch http://security.FreeBSD.org/patches/SA-07:04/file6.patch
# fetch http://security.FreeBSD.org/patches/SA-07:04/file6.patch.asc

b) 应用补丁。

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libmagic
# make obj && make depend && make && make install

RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2007:0124-01)以及相应补丁:
RHSA-2007:0124-01:Moderate: file security update
链接:http://lwn.net/Alerts/227548

Gentoo
------
Gentoo已经为此发布了一个安全公告(GLSA-200703-26)以及相应补丁:
GLSA-200703-26:file: Integer underflow
链接:http://security.gentoo.org/glsa/glsa-200703-26.xml

所有Gentoo用户都应升级到最新版本:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=3Dsys-apps/file-4.20"

file
----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

浏览次数:3816
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客